Overview
overview
10Static
static
1client32/A...re.dll
windows7-x64
3client32/A...re.dll
windows10-2004-x64
3client32/HTCTL32.dll
windows7-x64
3client32/HTCTL32.dll
windows10-2004-x64
3client32/PCICHEK.dll
windows7-x64
3client32/PCICHEK.dll
windows10-2004-x64
3client32/PCICL32.dll
windows7-x64
3client32/PCICL32.dll
windows10-2004-x64
3client32/client32.exe
windows7-x64
10client32/client32.exe
windows10-2004-x64
10client32/msvcr100.dll
windows7-x64
3client32/msvcr100.dll
windows10-2004-x64
3client32/pcicapi.dll
windows7-x64
3client32/pcicapi.dll
windows10-2004-x64
3Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
24-10-2024 17:35
Static task
static1
Behavioral task
behavioral1
Sample
client32/AudioCapture.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
client32/AudioCapture.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
client32/HTCTL32.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
client32/HTCTL32.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
client32/PCICHEK.dll
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
client32/PCICHEK.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
client32/PCICL32.dll
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
client32/PCICL32.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
client32/client32.exe
Resource
win7-20241023-en
Behavioral task
behavioral10
Sample
client32/client32.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
client32/msvcr100.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
client32/msvcr100.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
client32/pcicapi.dll
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
client32/pcicapi.dll
Resource
win10v2004-20241007-en
General
-
Target
client32/PCICL32.dll
-
Size
3.3MB
-
MD5
df45089846f1fcbe66491ff76cf9fc6d
-
SHA1
b3a888033434ef712f3acc11612e8eec41b82d91
-
SHA256
128ad8b4b8f5975ab122564f726a2449e24a043021d2a671750312636a18a358
-
SHA512
30fbeea89e1f0e931a3e53252de12b31da478e61b101173c9819c8d3968bf44672b98c449b07c0728cb25b08e3a879ac146c6950eeec6fc62dfb53f809c95495
-
SSDEEP
49152:BWMA61yiaB6FnebgvDYUEuyiN1MpwYSNGrUqZ9AtXFshTIwiasclST3/:BKCyipe0/hyiN1MpjWWmtXXeSj
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
rundll32.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid Process procid_target PID 1496 wrote to memory of 3460 1496 rundll32.exe 84 PID 1496 wrote to memory of 3460 1496 rundll32.exe 84 PID 1496 wrote to memory of 3460 1496 rundll32.exe 84
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\client32\PCICL32.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1496 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\client32\PCICL32.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:3460
-